[MS] Multiple vulnerabilities in Microsoft Kerberos - MS11-013

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dear colleagues,

We have just received the following warning from the Microsoft Product Security
Notification Service. We are passing this information on to you unchanged.

CVE-2011-0043 - Vulnerability in Windows Kerberos

The Windows Kerberos implementation permits the use of weak hash algorithms,
which allow certain aspects of a Kerberos service ticket to be forged. A local
attacker can exploit this to obtain a token with elevated privileges on a
system.

CVE-2011-0091 - Vulnerability in Windows Kerberos

The Kerberos implementation on Windows 7 and Server 2008 R2 is open to
spoofing. The vulnerability arises because a remote attacker is able to
"downgrade" the authentication so that, for example, DES is used instead of a
stronger encryption standard. To do this the attacker uses a man-in-the-middle
attack to select an algorithm other than the one chosen by the user.

The following software packages and platforms are affected:

Windows Kerberos

Windows XP Service Pack 3
Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems
Windows 7 for 32-bit Systems
Windows 7 for x64-based Systems
Windows Server 2008 R2 for x64-based Systems
Windows Server 2008 R2 for Itanium-based Systems

The vendor has made updated packages available.

(c) of the German summary: DFN-CERT Services GmbH; distribution, including of
excerpts, is permitted only with attribution to the author, DFN-CERT Services
GmbH, and only for non-commercial purposes.

Kind regards,
Timo Schulz

- --
Timo Schulz, M.Sc. (Incident Response Team)

DFN-CERT Services GmbH, https://www.dfn-cert.de, Phone +49 40 808077-590
Registered office / register: Hamburg, AG Hamburg, HRB 88805, VAT ID: DE 232129737
Sachsenstrasse 5, 20097 Hamburg/Germany, CEO: Dr. Klaus-Peter Kossakowski

Automatic alerts: https://www.cert.dfn.de/autowarn

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2011.0138
Vulnerabilities in Kerberos Could Allow Elevation of Privilege
9 February 2011

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product: Windows Kerberos
Publisher: Microsoft
Operating System: Windows XP
Windows 7
Windows Server 2003
Windows Server 2008
Impact/Access: Increased Privileges — Existing Account
Provide Misleading Information — Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2011-0091 CVE-2011-0043

Original Bulletin:
http://www.microsoft.com/technet/security/Bulletin/MS11-013.mspx

- - --------------------------BEGIN INCLUDED TEXT--------------------

Microsoft Security Bulletin MS11-013 – Important

Vulnerabilities in Kerberos Could Allow Elevation of Privilege (2496930)

Published: February 08, 2011

Version: 1.0

General Information

Executive Summary

This security update resolves one privately reported vulnerability and one
publicly disclosed vulnerability in Microsoft Windows. The more severe of these
vulnerabilities could allow elevation of privilege if a local, authenticated
attacker installs a malicious service on a domain-joined computer.

This security update is rated Important for all supported editions of Windows XP,
Windows Server 2003, Windows 7, and Windows Server 2008 R2. For more information,
see the subsection, Affected and Non-Affected Software, in this section.

This update addresses the vulnerabilities by preventing the use of weak hashing
algorithms in both Windows Kerberos and Windows KDC and by preventing the client
from downgrading the encryption standard to DES for Kerberos communication between
client and server.

Affected Software

Windows XP Service Pack 3
Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems
Windows 7 for 32-bit Systems
Windows 7 for x64-based Systems
Windows Server 2008 R2 for x64-based Systems
Windows Server 2008 R2 for Itanium-based Systems

Vulnerability Information

Kerberos Unkeyed Checksum Vulnerability – CVE-2011-0043

An elevation of privilege vulnerability exists in implementations of Kerberos.
The vulnerability exists because the Microsoft Kerberos implementation supports
a weak hashing mechanism, which can allow for certain aspects of a Kerberos
service ticket to be forged. A malicious user or attacker who successfully
exploited this vulnerability could obtain a token with elevated privileges on
the affected system.

Kerberos Spoofing Vulnerability – CVE-2011-0091

A spoofing vulnerability exists in implementations of Kerberos on Windows 7 and
Windows Server 2008 R2. The vulnerability exists because it is possible to
downgrade Kerberos authentication to use DES instead of the default, stronger
encryption standards included in Windows 7 and Windows Server 2008 R2.

- - --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation’s
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT’s members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation’s
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author’s website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
- -----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iD8DBQFNUd76/iFOrG6YcBERAgi5AJ42xlgOI32vERG57YDm2eehQ/cLcQCgxFso
khfzEFavoxbUe3HojRzYQrQ=
=eLpv
- -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)

iQEcBAEBAgAGBQJNUp6aAAoJEJtyb8U7iGZBYXMH/1d/IrLQUl3tPEe9YIbCPdOl
toLjkgoWs1K7OstgPGM++EzlVce4yoCUB2v2Fn2BnHrpHWbfaeyyFHuRtx+aVQ0P
CWOoqnQ/W6opM3vX4/ISsYHU5qo8WcOGGuh3Tqcac1B6/AqEsc6OPnr08z9vukrZ
+fdXu2bsudEhZlPT3gh5fJzSMJAyxJzJhIUGhB2VnISaOPwRXLqUEQGIxHYNTLYg
MZ2cFMd6gljhyjaNAAg+Ex+kAtzE2P6OQ2mfSemSZ+67J843dXrvNTBO7uKA0lVA
6ag4sHPDyoKfm07IlRGKrExQvmURLB+GijnWEsGZh4ytpRdjQ8vbTqGYLY7CjBs=
=x+fN
-----END PGP SIGNATURE-----
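The bulletin above says CVE-2011-0043 exists because Windows Kerberos accepted a weak (unkeyed) checksum over parts of a service ticket, and that the fix is to stop accepting weak hashing algorithms. The following is an added toy model written for this archive page; it is not Microsoft's code, not DFN-CERT's or AusCERT's, and the ticket layout (a dict with "authz", "cksumtype", "cksum"), the service key and the authorization strings are all constructed for illustration. It shows why a verifier that honours whichever checksum type the ticket names can be fooled by anyone who can edit the ticket, and why a verifier that only accepts keyed checksum types cannot.

```python
"""Toy model of an unkeyed-checksum flaw of the kind described for CVE-2011-0043.

Constructed example, not Microsoft's code or ticket format.  A service ticket
carries authorization data plus a checksum over it, and the ticket names which
checksum type was used.  CRC32 and MD5 are unkeyed: anyone who can edit the
data can recompute them.  Only a keyed checksum, here an HMAC under the
service's long-term key, stops an attacker from re-signing altered data.
verify_weak() honours whatever checksum type the ticket names (the flaw);
verify_strict() refuses unkeyed types (what the fix amounts to).
"""
import hashlib
import hmac
import zlib

# Kerberos checksum type numbers (RFC 3961 section 8).
CKSUMTYPE_CRC32 = 1                 # unkeyed
CKSUMTYPE_RSA_MD5 = 7               # unkeyed
CKSUMTYPE_HMAC_SHA1_96_AES256 = 16  # keyed

KEYED_CKSUMTYPES = {CKSUMTYPE_HMAC_SHA1_96_AES256}


def checksum(cksumtype: int, data: bytes, key: bytes = b"") -> bytes:
    """Compute a checksum of the given type.  The keyed variant is simplified:
    real hmac-sha1-96-aes256 derives a usage-specific key first."""
    if cksumtype == CKSUMTYPE_CRC32:
        return zlib.crc32(data).to_bytes(4, "little")
    if cksumtype == CKSUMTYPE_RSA_MD5:
        return hashlib.md5(data).digest()
    if cksumtype == CKSUMTYPE_HMAC_SHA1_96_AES256:
        return hmac.new(key, data, hashlib.sha1).digest()[:12]
    raise ValueError(f"unsupported checksum type {cksumtype}")


def sign_ticket(authz: bytes, service_key: bytes) -> dict:
    """What the issuer does: keyed checksum over the authorization data."""
    ctype = CKSUMTYPE_HMAC_SHA1_96_AES256
    return {"authz": authz, "cksumtype": ctype,
            "cksum": checksum(ctype, authz, service_key)}


def verify_weak(ticket: dict, service_key: bytes) -> bool:
    """Vulnerable verifier: trusts the checksum type named inside the ticket."""
    expected = checksum(ticket["cksumtype"], ticket["authz"], service_key)
    return hmac.compare_digest(expected, ticket["cksum"])


def verify_strict(ticket: dict, service_key: bytes) -> bool:
    """Hardened verifier: an unkeyed checksum type is rejected before any
    comparison, so choosing it gains the attacker nothing."""
    if ticket["cksumtype"] not in KEYED_CKSUMTYPES:
        return False
    return verify_weak(ticket, service_key)


def forge(ticket: dict, new_authz: bytes) -> dict:
    """Attacker without the service key: replace the authorization data,
    relabel the checksum type as CRC32 and recompute it with no key at all."""
    return {"authz": new_authz, "cksumtype": CKSUMTYPE_CRC32,
            "cksum": checksum(CKSUMTYPE_CRC32, new_authz)}


def demo() -> dict:
    service_key = b"constructed service long-term key"   # not a real key
    genuine = sign_ticket(b"user=alice;groups=Users", service_key)
    forged = forge(genuine, b"user=alice;groups=Users,Administrators")
    return {
        "genuine_weak": verify_weak(genuine, service_key),      # True
        "genuine_strict": verify_strict(genuine, service_key),  # True
        "forged_weak": verify_weak(forged, service_key),        # True: accepted
        "forged_strict": verify_strict(forged, service_key),    # False: rejected
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:15s} {'accepted' if ok else 'rejected'}")
```

The design point is that the checksum type is attacker-controlled data inside the very object being verified, so the verifier's allow-list of checksum types, not the checksum value, is what provides integrity. Any verifier of signed or MAC'd blobs that lets the blob choose the algorithm has the same shape of bug.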

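The second issue in the bulletin, CVE-2011-0091, is a downgrade: the bulletin states that authentication could be forced to DES instead of the stronger defaults of Windows 7 and Server 2008 R2, and that the fix prevents the client from accepting that downgrade. The following is an added model written for this archive page, not Microsoft's code or wire format; the offer/reply exchange is a simplification of Kerberos encryption-type (etype) negotiation, the attacker and peer behaviour are constructed, and the "SupportedEncryptionTypes" bit values are assumed from Windows' documented assignments for that policy value, which the bulletin itself does not mention. It shows a client that uses whatever etype the reply names beside a client that only accepts an etype it offered and its policy allows, plus a helper for reading the policy mask an administrator would check.

```python
"""Toy model of an etype downgrade of the kind described for CVE-2011-0091.

Constructed example, not Microsoft's code.  The client offers etypes in order
of preference; the reply names the etype actually used.  An attacker on the
path can rewrite the offer so only DES remains, or simply answer with DES.
A client that accepts whatever the reply names is downgraded; the hardened
client only accepts an etype it offered itself and its local policy allows.
"""

# Kerberos etype numbers (RFC 3961 / 3962 / 4757).
ETYPE_DES_CBC_CRC = 1
ETYPE_DES_CBC_MD5 = 3
ETYPE_AES128 = 17
ETYPE_AES256 = 18
ETYPE_RC4_HMAC = 23
DES_ETYPES = {ETYPE_DES_CBC_CRC, ETYPE_DES_CBC_MD5}

# Bits of the Windows SupportedEncryptionTypes value (policy "Network security:
# Configure encryption types allowed for Kerberos", stored under
# HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters,
# and the msDS-SupportedEncryptionTypes AD attribute).  Assumed values.
SET_DES_CBC_CRC = 0x01
SET_DES_CBC_MD5 = 0x02
SET_RC4_HMAC = 0x04
SET_AES128 = 0x08
SET_AES256 = 0x10
SET_BIT_TO_ETYPE = {
    SET_DES_CBC_CRC: ETYPE_DES_CBC_CRC, SET_DES_CBC_MD5: ETYPE_DES_CBC_MD5,
    SET_RC4_HMAC: ETYPE_RC4_HMAC, SET_AES128: ETYPE_AES128, SET_AES256: ETYPE_AES256,
}


def allowed_etypes(supported_encryption_types: int) -> set:
    """Translate the policy bit mask into the set of etypes it permits."""
    return {e for bit, e in SET_BIT_TO_ETYPE.items() if supported_encryption_types & bit}


def policy_allows_des(supported_encryption_types: int) -> bool:
    """True when the mask still permits either DES etype."""
    return bool(allowed_etypes(supported_encryption_types) & DES_ETYPES)


def mitm_rewrite_offer(offered: list) -> list:
    """Attacker on the path: keep only DES from the client's offer; if nothing
    is left, substitute DES so that a DES-capable peer picks it."""
    return [e for e in offered if e in DES_ETYPES] or [ETYPE_DES_CBC_MD5]


def peer_pick(offered: list, peer_supported: set):
    """The other side picks the first offered etype it supports, or None."""
    return next((e for e in offered if e in peer_supported), None)


def client_accept_weak(chosen, offered: list, allowed: set) -> bool:
    """Vulnerable: whatever etype the reply names is used."""
    return chosen is not None


def client_accept_strict(chosen, offered: list, allowed: set) -> bool:
    """Hardened: the etype must be one the client itself offered (it remembers
    its own request, so rewriting on the wire does not help) and one the local
    policy allows; DES is in neither set for a default Windows 7 client."""
    return chosen is not None and chosen in offered and chosen in allowed


def demo(policy_mask: int = SET_AES256 | SET_AES128 | SET_RC4_HMAC) -> dict:
    allowed = allowed_etypes(policy_mask)
    offered = [ETYPE_AES256, ETYPE_AES128, ETYPE_RC4_HMAC]   # strong only
    peer_supported = allowed | DES_ETYPES                    # legacy peer still speaks DES
    chosen = peer_pick(mitm_rewrite_offer(offered), peer_supported)
    return {
        "chosen": chosen,                                              # 3 (des-cbc-md5)
        "weak_client_accepts": client_accept_weak(chosen, offered, allowed),      # True
        "strict_client_accepts": client_accept_strict(chosen, offered, allowed),  # False
    }


if __name__ == "__main__":
    print(demo())
    print("policy 0x1F allows DES:", policy_allows_des(0x1F))
    print("policy 0x1C allows DES:", policy_allows_des(0x1C))
```

The practitioner's check after applying the update is the policy side: a SupportedEncryptionTypes mask with either of the low two bits set still permits DES on that host or account, so the downgrade the patch refuses at the client can still be offered elsewhere in the domain.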